Tony Arcieri writes:
>Do you think we'll see real-world MitM attacks against RSA-PSS in TLS similar
>to those we've seen with PKCS#1v1.5 signature forgery, such as BERserk?
Not BERserk specifically because that was an attack on the ASN.1, not the
signature format. OTOH PSS doesn't encode the ha
Tony Arcieri wrote:
> On Monday, August 8, 2016, Martin Rex wrote:
> >
> > The urban myth about the advantages of the RSA-PSS signature scheme
> > over PKCS#1 v1.5 keeps coming up.
>
> Do you think we'll see real-world MitM attacks against RSA-PSS in TL
All,
We've received a request for early IANA assignments for the 6 cipher suites
listed in https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-psk-aead/.
Please respond before August 23rd if you have concerns about early code point
assignment for these cipher suites.
J&S
On Tue, Aug 9, 2016 at 7:16 AM, Martin Rex wrote:
> BERserk is an implementation defect, not a crypto weakness.
>
Hence why I phrased the question the way I did. Per Izu, Shimoyama, and
Takenaka 2006, PKCS#1 v1.5 has sharp edges which implementers must avoid
(of course, the same can be said of B
It's also worth noting that BERserk is one of many such incidents of this
coming up in practice:
https://cryptosense.com/why-pkcs1v1-5-signature-should-also-be-put-out-of-our-misery/
On Tue, Aug 9, 2016 at 2:13 PM, Tony Arcieri wrote:
> On Tue, Aug 9, 2016 at 7:16 AM, Martin Rex wrote:
>
>> BER
On 10 August 2016 at 04:45, Sean Turner wrote:
> We've received a request for early IANA assignments for the 6 cipher suites
> listed in https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-psk-aead/.
> Please respond before August 23rd if you have concerns about early code point
> assignment